Finding Mapped Drives with Meterpreter

This post written by Matt Gardenghi --------- This is going to be a series of short "how to" articles so that I have a resource when I forget how I did something. Your benefit from this post is incidental to my desire to have a resource I can reach when I've had a brain cloud. […]

Information Security For College Students

I've thought about this off and on over the last few years.  Today I noticed that Kees Leune (http://www.leune.org/blog/kees/2010/07/teaching-agai.html) is going to be teaching a class this school year.  He was asking for comments and so here's mine.... I'd like to see a threefold class system.  The first class would entail an overview of the […]

Confidential Information in the Cloud

This is another special blog written by Matt Gardenghi! My boss passed around a document about database security in the cloud. It raised issues about proper monitoring of the DB, but offered no solutions. This got me thinking. I hate it when that happens. It's like an automatic "boss button" that I can't switch off. […]

Exotic XSS: The HTML Image Tag

There are the usual XSS tests.  And then there are the fun ones.  This is a story about a more exotic approach to testing XSS.... I was testing a company that had passed all XSS tests from their pentester.  I found that they allowed users to write HTML tags.  Of course they didn't permit <script> […]

Are you a “Real” hacker or just a skiddie?

This is yet another guest post from our good friend Matt Gardenghi! If you enjoy this one, don't forget to check his last one: Trusting the Browser (a ckeditor short story). ------------------ Often, I hear arguments that go like this: real hackers write code and exploits; everyone else is a script-kiddie. That is a dumb […]

Trusting the Browser (a ckeditor short story)

My name is Matt Gardenghi. Ron seems to think it important that this post be clearly attributed to someone else (this fact might worry me). I'm an occasional contributor here (see: Bypassing AV). I handle security at Bob Jones University and also perform pentests on the side. (So if you need someone to do work, […]